Blog

August 20, 2019 – Cities Are Facing A Deluge Of Cyberattacks, And The Worst Is Yet To Come

Three years ago, I published a whitepaper titled, “An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks.” It turns out that some of the cyberattacks and threats I described came to fruition, and this just seems to be the tip of the iceberg. Soon, everyone living in a city may suffer the consequences of cyberattacks in some capacity.

What I learned while compiling my research for my whitepaper is that most technologies being used in cities services and infrastructure around the world are insecure and can be hacked. I described some of the technologies, cybersecurity problems, possible cyber threats, attacks and attackers. I concluded that the more technology cities use, the more vulnerable to cyberattacks they could become.

Now after three years, some different types of cyberattacks I wrote about have actually taken place, and they are becoming more common:

• November 4, 2016 — Sweden air traffic Control systems: Attack affected several airports, preventing air traffic controllers from seeing aircraft on their screens. This resulted in the cancellation of multiple domestic and international flights and affected thousands of people.

• April 7, 2017 — Dallas emergency alarms: Attackers activated 156 emergency sirens at 11:40 p.m., waking up and frightening a lot of people until 1:20 a.m. when the alarms were turned off. The incident resulted in 4,400 calls to 911.

• October 11, 2017 — Sweden Transport Administration systems: A distributed-denial-of-service (DDoS) attack affected systems that monitor trains. It also affected the federal agency email system, website and road traffic maps. Train traffic and other services had to be managed manually, using backup processes. Some trains stopped and had delays that affected thousands of passengers.

• March 22, 2018 — Atlanta municipal systems: Attackers used ransomware to infect city systems. They demanded $51,000 in digital currency and caused outages across various important city systems.

It’s clear that cyberattacks on city systems and infrastructure are increasing every year, with a growing impact on people, too. While some attacks are prevented or stopped before they become major incidents, any successful attack can cause serious disruptions that affect thousands of people.

At the time I wrote the whitepaper, I wasn’t worried too much about the cyber threats and attacks because I thought there was still time to start improving cybersecurity. Also, I wrongly assumed that stakeholders (technology vendors, government officials, the general public, etc.) would pay attention and take immediate action.

I didn’t want to point out problems without doing anything else since these cybersecurity problems affect everyone living in cities (and that includes me). I eventually took action. In May 2015, with the help of my employer, colleagues and other organizations, we started Securing Smart Cities,a nonprofit organization that works on cybersecurity challenges that cities across the world are facing.Working at Securing Smart Cities, we have created several useful resources for anyone interested in improving cybersecurity in cities. It has been a great effort and we think we have contributed as much as we can, but there is still a lot of work to do since cybersecurity problems seem to be increasing and not disappearing.

There are other important nonprofits with great resources and outreach capabilities such as 100 Resilient Cities. Although this organization, which was created by the Rockefeller Foundation, doesn’t place a strong emphasis on cybersecurity, it still aims to help cities become more resilient to common challenges (and one can assume that with the increase of cyberattacks carried out against cities, 100RC will eventually make this a top priority). There’s also the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce that has created two critical frameworks that “allow smart city infrastructures to achieve cybersecure interoperability.”

I will keep doing my best and continue creating public awareness, but I would like to encourage everyone to get involved in any way you can and take action. We are all inhabitants of some city and we are all currently exposed to the threat of cyberattacks. Politicians should hear loud and clear that cybersecurity problems are real and that there is an urgent need to do something about them or we will continue to suffer serious consequences.